Password cracking methods

I am really interested in the different password cracking methods. Sometimes I cannot decide which one is the fastes and more effective. You can choose between single CPU, multiple CPU (cluster), GPU, Rainbow tables, Distributed Rainbowtables and Online crackers.

If you ignore Rainbow tables for now, you can choose from different methods like: dictionary, optimized hybrid, incremental, simple brute-force. Usually I start with my dictionaries, then I let the brute-force go for a while. If no success, I tell the clients that the password is not trivial, and this is good however there should be a dictionary out there with some of the passwords I had not cracked in this way, but time is the enemy of ethical hackers. So if someone is interested in the different methods, I suggest trying the GPU at first, because that one is the fastest. I've tested it, and wrote an article in Hungarian for the company blog ( Usually not all graphic cards support it, you should check it before, and usually a few number of algorithms are supported (MD5 is for sure) in brutefoce mode, but it is way faster than the others. What took 15 minutes with single CPU John, took 11 minutes with RainbowTables and only 5 seconds!!! with GPU.

You should try all of them, and choose depending on your needs and available resources.

I wrote a howto for John The Ripper MPI: John-jumbo-full-mpi Ubuntu 10.04: